Feature/855 loan cancel reject build endpoints

backend/src/controllers/loanController.ts

@@ -58,6 +58,97 @@
   },
 );
 
+
+export const buildCancelLoanTx = async (
+  req,
+  res,
+  next,
+) => {
+  try {
+    const { loanId } = req.params;
+
+    const borrower =
+      req.user.publicKey;
+
+    const loan =
+      await loanService.getLoanById(loanId);
+
+    if (!loan) {
+      return res.status(404).json({
+        message: 'Loan not found',
+      });
+    }
+
+    if (
+      !['PENDING', 'OPEN'].includes(
+        loan.status,
+      )
+    ) {
+      return res.status(400).json({
+        message:
+          'Loan cannot be cancelled',
+      });
+    }
+
+    const transaction =
+      await sorobanService.buildCancelLoanTx(
+        borrower,
+        loanId,
+      );
+
+    return res.json({
+      success: true,
+      transaction,
+    });
+  } catch (error) {
+    next(error);
+  }
+};
+
+export const buildRejectLoanTx = async (
+  req,
+  res,
+  next,
+) => {
+  try {
+    const { loanId } = req.params;
+
+    const { reason } =
+      rejectLoanSchema.parse(req.body);
+
+    const loan =
+      await loanService.getLoanById(loanId);
+
+    if (!loan) {
+      return res.status(404).json({
+        message: 'Loan not found',
+      });
+    }
+
+    if (
+      loan.status !== 'PENDING'
+    ) {
+      return res.status(400).json({
+        message:
+          'Loan cannot be rejected',
+      });
+    }
+
+    const transaction =
+      await sorobanService.buildRejectLoanTx(
+        req.user.publicKey,
+        loanId,
+        reason,
+      );
+
+    return res.json({
+      success: true,
+      transaction,
+    });
+  } catch (error) {
+    next(error);
+  }
+};
 /**
  * POST /api/loans/:loanId/mark-defaulted (TEST/DEV ONLY)
  * Helper endpoint to mark a loan as defaulted for test setup.

backend/src/routes/adminRoutes.ts

@@ -25,8 +25,29 @@ import {
 import { getPendingGovernance } from "../controllers/adminGovernanceController.js";
 import { query } from "../db/connection.js";
 
-const router = Router();
+import { buildRejectLoanTx } from "../controllers/loanController.ts";
 
+import {
+  authenticateJWT,
+} from '../middleware/jwtAuth';
+
+import {
+  requireRoles,
+} from '../middleware/auth';
+
+import auditLog from '../middleware/auditLog';
+
+const router = express.Router();
+
+router.post(
+  '/loans/:loanId/build-reject',
+  authenticateJWT,
+  requireRoles('admin'),
+  auditLog('LOAN_REJECT_BUILD'),
+  buildRejectLoanTx,
+);
+
+export default router;
 /**
  * @swagger
  * /admin/loan-disputes:

backend/src/routes/loanRoutes.ts

@@ -48,6 +48,14 @@ import {
   liquidateLoanSchema,
   borrowerLoansQuerySchema,
 } from "../schemas/loanSchemas.js";
+import {
+  authenticateJWT,
+} from '../middleware/jwtAuth';
+
+import { requireJwtAuth } from "../middleware/jwtAuth.js";
+
+import { buildCancelLoanTx } from "../controllers/loanController.js";
+
 
 const router = Router();
 
@@ -78,6 +86,61 @@ if (process.env.NODE_ENV === "test" || process.env.NODE_ENV === "development") {
 
 router.get("/config", getLoanConfigEndpoint);
 
+/**
+ * @swagger
+ * /loans/{loanId}/build-cancel:
+ *   post:
+ *     summary: Build cancel loan transaction
+ *     tags:
+ *       - Loans
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: loanId
+ *         required: true
+ *         schema:
+ *           type: string
+ *     responses:
+ *       200:
+ *         description: Transaction built successfully
+ */
+
+/**
+ * @swagger
+ * /admin/loans/{loanId}/build-reject:
+ *   post:
+ *     summary: Build reject loan transaction
+ *     tags:
+ *       - Admin Loans
+ *     security:
+ *       - bearerAuth: []
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required:
+ *               - reason
+ *             properties:
+ *               reason:
+ *                 type: string
+ *                 minLength: 5
+ *                 maxLength: 500
+ *     responses:
+ *       200:
+ *         description: Reject transaction built
+ */
+
+
+router.post(
+  '/:loanId/build-cancel',
+  authenticateJWT,
+  requireLoanOwner,
+  buildCancelLoanTx,
+);
+
 router.post(
   "/amortization-preview",
   requireJwtAuth,

backend/src/schemas/loanSchemas.ts

@@ -1,6 +1,16 @@
 import { z } from "zod";
 import { stellarAddressSchema } from "./stellarSchemas.js";
 
+export const rejectLoanSchema = z.object({
+  reason: z
+    .string()
+    .min(5, 'Reason must be at least 5 characters')
+    .max(500, 'Reason cannot exceed 500 characters'),
+});
+
+export type RejectLoanInput =
+  z.infer<typeof rejectLoanSchema>;
+
 export const positiveAmountSchema = z
   .number()
   .int()

backend/src/services/__tests__/loanEndpoints.test.ts

@@ -0,0 +1,81 @@
+describe('POST /loans/:loanId/build-cancel', () => {
+  it('should build cancel transaction', async () => {
+    const response = await request(app)
+      .post(
+        '/loans/loan-123/build-cancel',
+      )
+      .set(
+        'Authorization',
+        `Bearer ${token}`,
+      );
+
+    expect(response.status).toBe(200);
+
+    expect(
+      response.body.transaction,
+    ).toBeDefined();
+  });
+});
+
+
+describe(
+  'POST /admin/loans/:loanId/build-reject',
+  () => {
+    it(
+      'should build reject transaction',
+      async () => {
+        const response = await request(app)
+          .post(
+            '/admin/loans/loan-123/build-reject',
+          )
+          .set(
+            'Authorization',
+            `Bearer ${adminToken}`,
+          )
+          .send({
+            reason:
+              'Insufficient collateral',
+          });
+
+        expect(
+          response.status,
+        ).toBe(200);
+      },
+    );
+  },
+);
+
+it(
+  'should reject non-cancellable loans',
+  async () => {
+    const response = await request(app)
+      .post(
+        '/loans/completed-loan/build-cancel',
+      )
+      .set(
+        'Authorization',
+        `Bearer ${token}`,
+      );
+
+    expect(response.status).toBe(400);
+  },
+);
+
+it(
+  'should fail if reason too short',
+  async () => {
+    const response = await request(app)
+      .post(
+        '/admin/loans/loan-1/build-reject',
+      )
+      .set(
+        'Authorization',
+        `Bearer ${adminToken}`,
+      )
+      .send({
+        reason: 'bad',
+      });
+
+    expect(response.status).toBe(400);
+  },
+);

backend/src/services/sorobanService.ts

@@ -16,6 +16,7 @@ import {
   getStellarRpcUrl,
 } from "../config/stellar.js";
 
+
 /**
  * Service for building and submitting Soroban contract transactions.
  * Handles the transaction lifecycle: build → (frontend signs) → submit.
@@ -33,6 +34,38 @@ class SorobanService {
     return result.connected ? "ok" : "error";
   }
 
+  async buildCancelLoanTx(
+  borrower: string,
+  loanId: string,
+) {
+  const contract = this.getLoanManagerContract();
+
+  const tx = await contract.call(
+    'cancel_loan',
+    borrower,
+    loanId,
+  );
+
+  return this.serializeTransaction(tx);
+}
+
+async buildRejectLoanTx(
+  adminPublicKey: string,
+  loanId: string,
+  reason: string,
+) {
+  const contract = this.getLoanManagerContract();
+
+  const tx = await contract.call(
+    'reject_loan',
+    adminPublicKey,
+    loanId,
+    reason,
+  );
+
+  return this.serializeTransaction(tx);
+}
+
   private getNetworkPassphrase(): string {
     return getStellarNetworkPassphrase();
   }
@@ -1213,6 +1246,7 @@ class SorobanService {
       latePenalty: process.env.SCORE_DELTA_LATE ?? "5",
     });
   }
+
 }
 
 export const sorobanService = new SorobanService();